15 May
2018
15 May
'18
10:42 a.m.
On Tue, May 15, 2018 at 07:06:41PM +0200, Michael Ströder wrote:
Douglas Duckworth wrote:
Does OpenLDAP support use of one time passwords or 2FA for the Manager account?
There are several solutions:
- contrib/slapd-modules/passwd/totp/
A proof of concept overlay which AFAICS replaces checking a normal password by checking a generated TOTP value. So not really 2FA.
We have been looking into how to best make it an actual 2FA solution, though.
- OATH HOTP LDAP Plugin by cargosoft.ru
Sorry, I only found a Russian site: http://cargosoft.ru/ru/rm/113/115 I never checked this myself anyway and therefore can't comment.
- OATH-LDAP
Most flexible solution but hard to setup, especially since not fully documented yet. It's currently directly integrated into Æ-DIR but could be used stand-alone. Being the author I'm biased of course.
--
Ondřej Kuzník
Senior Software Engineer
Symas Corporation http://www.symas.com
Packaged, certified, and supported LDAP solutions powered by OpenLDAP